CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

EUVD-2026-33006

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

The Office of Inspector General OIG of the U.S. National Aeronautics and Space Administration NASA has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities,...

CVE-2026-5577 Song-Li cross_browser details Endpoint uniquemachine_app.py sql injection

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

CVE-2026-5577 Song-Li cross_browser details Endpoint uniquemachine_app.py sql injection

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

Cross browser fingerprinting SQL注入漏洞

Cross browser fingerprinting is a cross-browser user tracking fingerprint library developed by Song Li as an individual developer. Cross browser fingerprinting has a SQL injection vulnerability, which stems from incorrect handling of parameter IDs in the flask/uniquemachineapp.py file. This...

PT-2026-30446

Name of the Vulnerable Software and Affected Versions Song-Li cross browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a Description A vulnerability exists in Song-Li cross browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine app.py file...

CVE-2019-25560

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality...

CVE-2019-25560

Lyric Video Creator 2.1 is affected by a denial of service via MP3 processing. A crafted MP3 file with an oversized buffer can crash the application when opened through Browse song, as described in CVE-2019-25560. The vulnerability impacts the software’s ability to handle malformed MP3 input, est...

CVE-2019-25560 Lyric Video Creator 2.1 Denial of Service via MP3 File

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality...

CVE-2019-25560 Lyric Video Creator 2.1 Denial of Service via MP3 File

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality...

PT-2026-26905

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality...

Lyric Video Creator 安全漏洞

Lyric Video Creator is a video lyrics production tool provided by Lyric Video Creator Inc. Version 2.1 of Lyric Video Creator has a security vulnerability. This vulnerability arises from handling malformed MP3 files, and it could allow attackers to trigger the application crash by opening special...

WordPress Country Blocker for AdSense plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Country Blocker for AdSense versions = 1.0...

cskefu（春松客服） 跨站脚本漏洞

cskefu Chunsong Customer Service is an open-source, free intelligent customer service system developed by Chatopera in China. Versions of cskefu prior to 8.0.1 contained a cross-site scripting vulnerability. This vulnerability originated from a cross-site scripting issue in the Upload function of...

SUSE CVE-2026-25578

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched i...

GO-2026-4413 Navidrome has XSS via comment from song metadata in github.com/navidrome/navidrome

Navidrome has XSS via comment from song metadata in github.com/navidrome/navidrome...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the comment field in song metadata. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious content into this field. Details Cross-site scripting or XSS is a...

CVE-2025-69620

A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service DoS via writing files to the internal storage...

CVE-2026-25578

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched i...